Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for August 4th, 2007

Somewhat Predictable…

with one comment

So, yesterday’s events on AIM both showed the stalkers pressure points and her predictability in actions. Well somewhat predictable at least. It seems she is rather driven by anger, perhaps one might even say rage.

After my making her aware that she is closer to being caught (which in reality she has done nothing up til now that she could be arrested for really under the current laws of the land) she went off today. She waited til the clients were away and evidently ran over their mailbox! Now, interestingly enough, the mailbox has blue paint on it post destruction. Coincidence then that her car is blue? I think not.

I logged back onto the AIM session via someone’s AP while out and left her a missive. It said;

“First, you know that destroying a mailbox is a FEDERAL crime right? Thanks for being so predictable! I am glad you took the bait because the cameras I had installed should have captured the event nicely! I will see you just after the cops have you zip tied up! Ta ta…”

Yeah, lets see what she does now. Tonight, surveillance time.
CoB

Written by Krypt3ia

2007/08/04 at 18:17

Posted in Uncategorized

Somewhat Predictable…

with 5 comments

So, yesterday’s events on AIM both showed the stalkers pressure points and her predictability in actions. Well somewhat predictable at least. It seems she is rather driven by anger, perhaps one might even say rage.

After my making her aware that she is closer to being caught (which in reality she has done nothing up til now that she could be arrested for really under the current laws of the land) she went off today. She waited til the clients were away and evidently ran over their mailbox! Now, interestingly enough, the mailbox has blue paint on it post destruction. Coincidence then that her car is blue? I think not.

I logged back onto the AIM session via someone’s AP while out and left her a missive. It said;

“First, you know that destroying a mailbox is a FEDERAL crime right? Thanks for being so predictable! I am glad you took the bait because the cameras I had installed should have captured the event nicely! I will see you just after the cops have you zip tied up! Ta ta…”

Yeah, lets see what she does now. Tonight, surveillance time.
CoB

Written by Krypt3ia

2007/08/04 at 18:17

Posted in Uncategorized

How much does it suck to be Michelle Madigan?

with 4 comments

Saturday, Aug 4th 2007 by James Allan Brady

A lot, especially since being outed as the press’ mole in the hacker-only conference DefCon. Her measly goal was to sneak in as a programmer and catch hackers admitting to illegal activity.

What happened is quite a hilarious story, but first its key to note that trying to trick a group of people with more connections than the alphabet boys (CIA, DEA, NSA, you get the hint) is a bad idea. From there it just kind of goes downhill, basically someone tipped off the people inside the conference and they decided to play a little game.

They brought a bunch of people from the conference in to play a little game of “Spot the Fed” only upon arrival, while Ms. Maddigan was there, they changed the game to “Spot the Undercover Reporter” which caused the reporter bolt out of the room. If I were her I would just disconnect myself from the world and move into the side of a hill because doing anything connected to the digital world right now would probably be a very bad idea.

Doh!

Written by Krypt3ia

2007/08/04 at 10:44

Posted in Uncategorized

Video Games…

leave a comment »

Researcher’s Analysis of al Qaeda Images Reveals Surprises — UPDATED
By Kim Zetter EmailAugust 02, 2007 | 9:16:00 PMCategories: DefCon

Neal Krawetz, a researcher and computer security consultant, gave an interesting presentation today at the BlackHat security conference in Las Vegas about analyzing digital photographs and video images for alterations and enhancements.

Using a program he wrote (and provided on the conference CD-ROM) Krawetz could print out the quantization tables in a JPEG file (that indicate how the image was compressed) and determine the last tool that created the image — that is, the make and model of the camera if the image is original or the version of Photoshop that was used to alter and re-save the image.

Comparing that data to the metadata embedded in the image he could determine if the photo was original or had been re-saved or altered. Then, using error level analysis of an image he could determine what were the last parts of an image that were added or modified.

Error level analysis involves re-saving an image at a known error rate (90%, for example), then subtracting the re-saved image from the original image to see every pixel that changed and the degree to which it changed. The modified versions will indicate a different error level than the original image.

You can see the difference in the two pictures (below right) of a bookshelf. Krawetz added some books and a toy dinosaur to the original image — both of which show up clearly in the second picture after he’s completed the error level analysis.Bookshelf_and_dinosaur

But more interesting were the examples Krawetz gave of al Qaeda images. Krawetz took an image from a 2006 al Qaeda video of Ayman al-Zawahiri (above right), a senior member of the terrorist organization. The image shows al-Zawahiri sitting in front of a desk and banner with writing on it. But after conducting his error analysis Krawetz was able to determine that al-Zawahiri’s image was superimposed in front of the background — and was most likely videotaped in front of a black sheet.

Krawetz was also able to determine that the writing on the banner behind al-Zawahiri’s head was added to the image afterward. In the second picture above showing the results of the error level analysis, the light clusters on the image indicate areas of the image that were added or changed. The subtitles and logos in the upper right and lower left corners (IntelCenter is an organization that monitors terrorist activity and As-Sahab is the video production branch of al Qaeda) were all added at the same time all have the same error level, while the banner writing was added at a different time has a different error level, likely around the same time that al-Zawahiri was added, Krawetz says. (See 2nd update below.)

Even more interesting is the analysis he conducted on another 2006 video image of Azzam al-Amriki showing him in a white room with a desk, computer and some books in the background. Error level analysis shows that the books in the lower right-hand corner of the image have a different error level than the items in the rest of the image, suggesting they were added later. In fact the books register the same error level as the subtitles and As-Sahab logo.

Further analysis also shows that the books have a different color range than the rest of the image, indicating that they came from an alternate source. Krawetz wasn’t able to determine what the books were but says if they were religious books, they might have simply been added to lend authority and reverence to the video. It’s also possible, he says, that such details could be added to a picture to send a message in code to al Qaeda operatives.Azzam_alamriki_3

UPDATE: For those of you who asked for Krawetz’s program, you can view the source code here.

You can also view his BlackHat presentation here (PDF). For those of you who think the software is better used to catch media manipulations of photos and video, Krawetz did present examples of these in his talk.

And to “Ann” who commented that she doubts al Qaeda would put subtitles on a video, As-Sahab, the logo in the lower left corner of the two al Qaeda videos is the production arm of al Qaeda. Yes, the organization has its own media production team.

2ND UPDATE: I quoted Krawetz as saying that the evidence indicates that the IntelCenter and As-Sahab logos were added to the al-Zawahiri video at the same time. Ben Venzke of IntelCenter says his organization didn’t add the As-Sahab logo. He points out that just because the error levels are the same for two items in an image, that doesn’t prove they were added at the same time, only that the compression was the same for both items when they were added.

3rd UPDATE: I was finally able to reach Neal Krawetz at the BlackHat conference to respond to the questions about the IntelCenter and As-Sahab logos (Krawetz doesn’t have a cell phone on him so finding him at the conference took a while). He now says that the error levels on the IntelCenter and As-Sahab logos are different and that the IntelCenter logo was added after the As-Sahab logo. However, in a taped interview I conducted with him after his presentation, he said the logos were the same error levels and that this indicated they were added at the same time. Additionally, after I’d written the first blog entry about his presentation, I asked him to read it to make sure everything was correct. He did so while sitting next to me and said it was all correct. He apologizes now for the error and the confusion it caused.

The problem I have with this technique and this presentation are that it is somewhat loose on premise. Sure, the Jihadist media arm of Al Qaida (GIMF) “Global Islamic Media Front” do have the capabilities for editing and creating video. More than likely they are just getting rid of backgrounds that could have attributable and recognizable areas. This would be a good way to try and get a line on the jihadists if they had shot the things in houses etc.

I do not believe though, that they are adding properties as steg. Steg is a very different animal. I also have to wonder at the process being used to sniff this out. Ostensibly something is being done, but there are too many variables to video compression etc, that make this method less than sure.

Written by Krypt3ia

2007/08/04 at 08:59

Posted in Uncategorized

Video Games…

leave a comment »

Researcher’s Analysis of al Qaeda Images Reveals Surprises — UPDATED
By Kim Zetter EmailAugust 02, 2007 | 9:16:00 PMCategories: DefCon

Neal Krawetz, a researcher and computer security consultant, gave an interesting presentation today at the BlackHat security conference in Las Vegas about analyzing digital photographs and video images for alterations and enhancements.

Using a program he wrote (and provided on the conference CD-ROM) Krawetz could print out the quantization tables in a JPEG file (that indicate how the image was compressed) and determine the last tool that created the image — that is, the make and model of the camera if the image is original or the version of Photoshop that was used to alter and re-save the image.

Comparing that data to the metadata embedded in the image he could determine if the photo was original or had been re-saved or altered. Then, using error level analysis of an image he could determine what were the last parts of an image that were added or modified.

Error level analysis involves re-saving an image at a known error rate (90%, for example), then subtracting the re-saved image from the original image to see every pixel that changed and the degree to which it changed. The modified versions will indicate a different error level than the original image.

You can see the difference in the two pictures (below right) of a bookshelf. Krawetz added some books and a toy dinosaur to the original image — both of which show up clearly in the second picture after he’s completed the error level analysis.Bookshelf_and_dinosaur

But more interesting were the examples Krawetz gave of al Qaeda images. Krawetz took an image from a 2006 al Qaeda video of Ayman al-Zawahiri (above right), a senior member of the terrorist organization. The image shows al-Zawahiri sitting in front of a desk and banner with writing on it. But after conducting his error analysis Krawetz was able to determine that al-Zawahiri’s image was superimposed in front of the background — and was most likely videotaped in front of a black sheet.

Krawetz was also able to determine that the writing on the banner behind al-Zawahiri’s head was added to the image afterward. In the second picture above showing the results of the error level analysis, the light clusters on the image indicate areas of the image that were added or changed. The subtitles and logos in the upper right and lower left corners (IntelCenter is an organization that monitors terrorist activity and As-Sahab is the video production branch of al Qaeda) were all added at the same time all have the same error level, while the banner writing was added at a different time has a different error level, likely around the same time that al-Zawahiri was added, Krawetz says. (See 2nd update below.)

Even more interesting is the analysis he conducted on another 2006 video image of Azzam al-Amriki showing him in a white room with a desk, computer and some books in the background. Error level analysis shows that the books in the lower right-hand corner of the image have a different error level than the items in the rest of the image, suggesting they were added later. In fact the books register the same error level as the subtitles and As-Sahab logo.

Further analysis also shows that the books have a different color range than the rest of the image, indicating that they came from an alternate source. Krawetz wasn’t able to determine what the books were but says if they were religious books, they might have simply been added to lend authority and reverence to the video. It’s also possible, he says, that such details could be added to a picture to send a message in code to al Qaeda operatives.Azzam_alamriki_3

UPDATE: For those of you who asked for Krawetz’s program, you can view the source code here.

You can also view his BlackHat presentation here (PDF). For those of you who think the software is better used to catch media manipulations of photos and video, Krawetz did present examples of these in his talk.

And to “Ann” who commented that she doubts al Qaeda would put subtitles on a video, As-Sahab, the logo in the lower left corner of the two al Qaeda videos is the production arm of al Qaeda. Yes, the organization has its own media production team.

2ND UPDATE: I quoted Krawetz as saying that the evidence indicates that the IntelCenter and As-Sahab logos were added to the al-Zawahiri video at the same time. Ben Venzke of IntelCenter says his organization didn’t add the As-Sahab logo. He points out that just because the error levels are the same for two items in an image, that doesn’t prove they were added at the same time, only that the compression was the same for both items when they were added.

3rd UPDATE: I was finally able to reach Neal Krawetz at the BlackHat conference to respond to the questions about the IntelCenter and As-Sahab logos (Krawetz doesn’t have a cell phone on him so finding him at the conference took a while). He now says that the error levels on the IntelCenter and As-Sahab logos are different and that the IntelCenter logo was added after the As-Sahab logo. However, in a taped interview I conducted with him after his presentation, he said the logos were the same error levels and that this indicated they were added at the same time. Additionally, after I’d written the first blog entry about his presentation, I asked him to read it to make sure everything was correct. He did so while sitting next to me and said it was all correct. He apologizes now for the error and the confusion it caused.

The problem I have with this technique and this presentation are that it is somewhat loose on premise. Sure, the Jihadist media arm of Al Qaida (GIMF) “Global Islamic Media Front” do have the capabilities for editing and creating video. More than likely they are just getting rid of backgrounds that could have attributable and recognizable areas. This would be a good way to try and get a line on the jihadists if they had shot the things in houses etc.

I do not believe though, that they are adding properties as steg. Steg is a very different animal. I also have to wonder at the process being used to sniff this out. Ostensibly something is being done, but there are too many variables to video compression etc, that make this method less than sure.

Written by Krypt3ia

2007/08/04 at 08:59

Posted in Uncategorized

B&W

leave a comment »

Curled

Written by Krypt3ia

2007/08/04 at 07:59

Posted in Uncategorized

B&W

leave a comment »

Curled

Written by Krypt3ia

2007/08/04 at 07:59

Posted in Uncategorized

B&W

leave a comment »

Curled

Written by Krypt3ia

2007/08/04 at 07:59

Posted in Uncategorized